For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
  • Getting Started
    • Introduction
    • Getting Started
    • Tia — Operations Assistant
    • Architecture
    • Security Architecture
  • Onboarding & Plans
    • Onboarding Overview
    • Plans & Subscriptions
    • Tia Credits
  • Tenancy & Governance
    • Roles & Members
    • Audit Log
    • Notifications
    • Economic Operators
  • Authoring Studios
    • Content Studio
    • Theme Studio
    • Advanced Studio (Track B)
  • Product Module
    • Products
    • Custom Fields
    • Global Search
    • Identifiers
    • Product Import
    • Bulk Editing
    • Bulk Updates
    • Resolver & GS1 Digital Link
    • GS1 Digital Link Contract
  • Localisations
    • Overview
    • Market Packs
    • Multilingual Content
  • Domains & Custom Hostnames
    • Domain Architecture
    • Resolver Domain Flow
    • Custom Hostname Setup
    • DNS Setup Guide
    • Resolver & Passport Rendering
    • Custom Hostname Lifecycle
    • Troubleshooting
  • Passports
    • Overview
    • Passport Operations
    • Lifecycle States
    • Controlled Update & Break-Glass
    • Content & Templates
    • Themes & Presentation
    • Consumer Experience
    • Publication Lifecycle
    • Brand Setup & Readiness
    • Drafts
  • Passport Intelligence
    • Passport Intelligence
    • Intelligence Overview
    • Scan Visibility
    • Trust Signals
    • Engagement Insights
    • Investigation Timelines
    • Data & Privacy
    • Roadmap
  • Minting
    • Overview
    • Lifecycle
    • Architecture
    • Limits & Performance
    • Token Preview
    • Exports & Print Jobs
    • Carrier Output Profiles
    • Bring-Your-Own Serials
    • Security
    • FAQ
  • API Reference
    • API Credentials Guide
    • API: Credentials
    • API: Products
    • API: Identifiers
    • API: Import
    • API: Batches
    • API: Attachments
    • API: Bulk Updates
    • API: Minting
    • API: Resolver
    • API: Search
On this page
  • What It Does
  • Authentication & Permissions
  • RPCs
  • create_product_attachment_record
  • list_product_attachments
  • soft_delete_product_attachment
API Reference

API: Attachments

Was this page helpful?
Previous

API: Bulk Updates

Next
Built with

What It Does

The Attachments API lets you create metadata records for product attachments, list attachments for a product, and soft-delete attachments. Attachment metadata is managed through RPCs; actual file upload and download use the storage layer separately.

Authentication & Permissions

All RPCs require an authenticated session. Mutations require a role with sufficient permissions for the target brand.

RPCs

create_product_attachment_record

Creates a metadata record for a new product attachment.

Request

1{
2  "_brand_id": "uuid",
3  "_product_id": "uuid",
4  "_filename": "test-report.pdf",
5  "_mime_type": "application/pdf",
6  "_size_bytes": 204800
7}

Response

1{
2  "id": "uuid",
3  "product_id": "uuid",
4  "filename": "test-report.pdf",
5  "mime_type": "application/pdf",
6  "size_bytes": 204800,
7  "storage_path": "brand-uuid/product-uuid/attachment-uuid",
8  "created_at": "2026-01-15T12:00:00Z"
9}

Errors

  • Not authenticated — request has no valid JWT.
  • Forbidden — caller does not have sufficient access.
  • Invalid input — request is malformed or cannot be processed.

Notes

  • This RPC creates the metadata record only. File upload is handled separately via the storage layer.

list_product_attachments

Returns all active (non-deleted) attachments for a product.

Request

1{
2  "_brand_id": "uuid",
3  "_product_id": "uuid"
4}

Response

1[
2  {
3    "id": "uuid",
4    "filename": "test-report.pdf",
5    "mime_type": "application/pdf",
6    "size_bytes": 204800,
7    "storage_path": "brand-uuid/product-uuid/attachment-uuid",
8    "created_at": "2026-01-15T12:00:00Z"
9  }
10]

Errors

  • Not authenticated — request has no valid JWT.
  • Forbidden — caller does not have sufficient access.
  • Invalid input — request is malformed or cannot be processed.

soft_delete_product_attachment

Marks an attachment as deleted without permanently removing it.

Request

1{
2  "_brand_id": "uuid",
3  "_attachment_id": "uuid"
4}

Response

1{
2  "id": "uuid",
3  "is_deleted": true,
4  "deleted_at": "2026-01-15T13:00:00Z"
5}

Errors

  • Not authenticated — request has no valid JWT.
  • Forbidden — caller does not have sufficient access.
  • Invalid input — request is malformed or cannot be processed.

Notes

  • Soft-deleted attachments are excluded from list_product_attachments results.